Red Delta

Threat Actor updated 4 months ago (2024-05-04T20:55:33.862Z)
Red Delta is a threat actor, a term used in cybersecurity to describe an entity that executes actions with malicious intent. Such an entity could be an individual, a private company, or a government organization. Red Delta has been identified as being involved in a series of cyber threats and attacks.

In a historical campaign, this group delivered a Dropbox URL containing a variant of the PlugX malware, which aligns with Recorded Future's analysis of Red Delta's usual modus operandi. Proofpoint researchers have expressed high confidence that the operator involved in recent campaigns delivering the PlugX malware is the same one previously identified in 2020 as part of Recorded Future's Red Delta campaign. The consistency in the type of malware used and the delivery method suggests a significant overlap between these two instances of cyber threat operations.

Further reinforcing the connection, Proofpoint assesses that there is a substantial overlap between the entities TA416 and Red Delta. Both groups targeted European diplomatic entities in their campaigns from August 2020 and November 2021. They utilized SMTP2Go to impersonate an external diplomatic organization, a tactic designed to facilitate communication with their end targets. This consistent pattern of behavior underscores the persistent threat posed by Red Delta and similar actors.
Description last updated: 2023-11-28T20:18:55.017Z
Aliases: We are not currently tracking any aliases.
Source Document References
Information about the Red Delta Threat Actor was read from the documents corpus below.
Source: MITRE
Created: 2 years ago
Title: The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates | Proofpoint US